stefanberger/swtpm
Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface.
24 Releases
Latest: 1y ago
Release of v0.10.1 (Latest)
📋 Changes
- swtpm:
- Fix build error on 32bit systems due to inconsistent _FILE_OFFSET_BITS
- swtpm_setup:
- Use DISTRO_PROFILES_DIR when listing profiles (fix path issue)
- Do not pass a TPM 2 profile to swtpm when reconfiguring
- selinux:
- Add rule for swtpm to be able to read password from pipe
- allow to map state file
- + 6 more
Release of v0.10.0
📋 Changes
- swtpm:
- Requires libtpms v0.10.0
- Display tpmstate-opt-lock as a new capability
- Add support for lock option parameter to tpmstate option
- nvstore_linear: Add support for file-backend locking
- Remove broken logic to check for neither dir nor file backend
- Use ptm_cap_n to build PTM_GET_CAPABILITY response
- Define a structure to return PTM_GET_CAPABILITY result
- + 62 more
Release of v0.9.0
📋 Changes
- swtpm:
- Use umask() to create/truncate state file rather than fchmod()
- Use fchmod to set mode bits provided by user
- Replace mkstemp with g_mkstemp_full (Coverity)
- fix typo in help message
- cuse: Fix Coverity complaints regarding locks
- Fix double free in error path
- Close fd after main loop
- + 56 more
Release of v0.8.2
📋 Changes
- swtpm:
- cuse: Lock file_ops_lock before reading tpm_running
- build-sys:
- Add support for --disable-tests to disable tests
Release of v0.7.4
📋 Changes
- swtpm:
- Restore logging to stderr on log open failure
- Disable OpenSSL FIPS mode to avoid libtpms failures
- Avoid locking directory multiple times
- swtpm_setup:
- Exit with '0' upon --version rather than '1'.
- swtpm_localca:
- Add missing NULL option to end of array
- + 3 more
Release of v0.8.1
📋 Changes
- swtpm:
- Restore logging to stderr on log open failure
- swtpm_setup:
- Exit with '0' upon --version rather than '1'.
- Initialized @argv in get_swtpm_capabilities()
- swtpm_localca:
- Add missing NULL option to end of array
- SELinux:
- + 3 more
Release of v0.8.0
📋 Changes
- swtpm:
- Implement release-lock-outgoing parameter for --migration option
- Introduce --migration option and 'incoming' parameter
- Implement terminate parameter for ctrl channel loss
- Add a chroot option
- Introduce disable-auto-shutdown flag for --flags option
- If necessary send TPM2_Shutdown() before TPMLIB_Terminate()
- Add some more recent syscalls to seccomp profile
- + 21 more
Release of v0.6.4
📋 Changes
- swtpm:
- Use uint64_t in tlv_data_append() to avoid integer overflows
- Use uint64_t to avoid integer wrap-around when adding a uint32_t
Release of v0.7.3
📋 Changes
- swtpm:
- Use uint64_t in tlv_data_append() to avoid integer overflows
- Use uint64_t to avoid integer wrap-around when adding a uint32_t
- build-sys:
- Fix configure script to support _FORTIFY_SOURCE=3
- Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin)
Release of v0.5.4
📋 Changes
- swtpm:
- Do not chdir(/) when using --daemon
Release of v0.7.2
📋 Changes
- swtpm:
- Do not chdir(/) when using --daemon
- swtpm-localca:
- Re-implement variable resolution for swtpm-localca.conf
- tests:
- Use ${WORKDIR} in config files to test env. var replacement
- man pages:
- Add missing .config directory to path description when using ${HOME}
- + 2 more
Release of v0.6.3
📋 Changes
- swtpm:
- Do not chdir(/) when using --daemon
- swtpm-localca:
- Re-implement variable resolution for swtpm-localca.conf
- tests:
- Use ${WORKDIR} in config files to test env. var replacement
- man:
- Add missing .config directory to path description when using ${HOME}
- + 3 more
Release of v0.7.1
📋 Changes
- swtpm:
- Check header size indicator against expected size (CVE-2022-23645)
- swtpm_localca:
- Test for available issuercert before creating CA
Release of v0.6.2
📋 Changes
- swtpm:
- Check header size indicator against expected size (CVE-2022-23645)
- swtpm-localca:
- Test for available issuercert before creating CA
- swtpm_setup:
- Report stderr as returned by external tool (swtpm-localca)
- Fix exit code on error to be '1'.
Release of v0.5.3
📋 Changes
- swtpm:
- Check header size indicator against expected size (CVE-2022-23645)
- Fix --print-capabilities for 'swtpm chardev'
- swtpm_localca:
- Test for available issuercert before creating CA
- swtpm_cert:
- Rename deprecated libtasn1 types
- man pages:
- + 8 more
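The two length-handling fixes that recur in the notes above, widening to uint64_t before adding a uint32_t (v0.6.4 / v0.7.3) and checking a header's size indicator against the expected size before trusting it (v0.7.1 / v0.6.2 / v0.5.3, CVE-2022-23645), share one idea: never let an attacker-controlled 32-bit length drive arithmetic or a copy without an exact bound check. The following is an added example written for this page, not swtpm's own tlv_data_append() or header parser; the toy TLV layout (2-byte tag, 4-byte length) and all function names are assumptions for the illustration. It shows the wrapping computation beside the fixed one, and a reader that rejects both a length field that disagrees with the size the caller expects and one that claims more bytes than the buffer holds.

```c
/* Added example (not swtpm code): overflow-safe TLV append and a header
 * check on read. Layout assumed for the example: uint16_t tag, uint32_t
 * length (big-endian), then the value bytes. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TLV_HDR_LEN 6u              /* tag (2) + length (4) */

struct tlv_buf {
    uint8_t *data;
    size_t   len;                   /* bytes in use */
    size_t   cap;                   /* bytes available */
};

/* Buggy variant: all operands are 32-bit, so the sum silently wraps and a
 * huge entry can look small enough to fit. 0xFFFFFFFC + 6 + 8 becomes 10. */
uint32_t tlv_total_len_wrapping(uint32_t used, uint32_t val_len)
{
    return used + TLV_HDR_LEN + val_len;
}

/* Fixed variant: widen before adding; exact for any two 32-bit inputs. */
uint64_t tlv_total_len(uint32_t used, uint32_t val_len)
{
    return (uint64_t)used + TLV_HDR_LEN + (uint64_t)val_len;
}

/* Append one TLV. Returns 0 on success, -1 if the entry would not fit. */
int tlv_append(struct tlv_buf *b, uint16_t tag, const uint8_t *val, uint32_t val_len)
{
    if (b->len > UINT32_MAX)
        return -1;
    uint64_t need = tlv_total_len((uint32_t)b->len, val_len);
    if (need > b->cap)              /* 64-bit compare: no wrap possible */
        return -1;
    uint8_t *p = b->data + b->len;
    p[0] = (uint8_t)(tag >> 8);      p[1] = (uint8_t)tag;
    p[2] = (uint8_t)(val_len >> 24); p[3] = (uint8_t)(val_len >> 16);
    p[4] = (uint8_t)(val_len >> 8);  p[5] = (uint8_t)val_len;
    memcpy(p + TLV_HDR_LEN, val, val_len);
    b->len = (size_t)need;
    return 0;
}

/* Parse the TLV at *off. expected_len != 0 means the caller knows the
 * exact size this entry must have; a header that says otherwise is
 * rejected before any bytes are consumed. A length that exceeds what is
 * left in the buffer is rejected as well. Returns 0 on success, -1 on
 * any inconsistency. */
int tlv_read(const uint8_t *buf, size_t buf_len, size_t *off,
             uint16_t *tag, const uint8_t **val, uint32_t *val_len,
             uint32_t expected_len)
{
    if (*off > buf_len || buf_len - *off < TLV_HDR_LEN)
        return -1;
    const uint8_t *p = buf + *off;
    uint16_t t = (uint16_t)((p[0] << 8) | p[1]);
    uint32_t l = ((uint32_t)p[2] << 24) | ((uint32_t)p[3] << 16) |
                 ((uint32_t)p[4] << 8)  |  (uint32_t)p[5];
    if (expected_len != 0 && l != expected_len)
        return -1;                  /* size indicator vs expected size */
    if (l > buf_len - *off - TLV_HDR_LEN)
        return -1;                  /* header claims bytes that are not there */
    *tag = t; *val = p + TLV_HDR_LEN; *val_len = l;
    *off += TLV_HDR_LEN + l;
    return 0;
}

/* Demo on constructed data: two entries round-trip, an oversized append is
 * refused, and a corrupted length field is rejected on read.
 * Returns 0 on success, a negative step number on the first failure. */
int tlv_demo(void)
{
    uint8_t storage[32];
    struct tlv_buf b = { storage, 0, sizeof storage };
    const uint8_t pcr[4] = { 1, 2, 3, 4 };                 /* constructed */
    if (tlv_append(&b, 0x0001, pcr, 4) != 0) return -1;
    if (tlv_append(&b, 0x0002, (const uint8_t *)"ok", 2) != 0) return -2;
    size_t off = 0; uint16_t tag; const uint8_t *v; uint32_t vl;
    if (tlv_read(storage, b.len, &off, &tag, &v, &vl, 4) != 0 || tag != 1) return -3;
    if (tlv_read(storage, b.len, &off, &tag, &v, &vl, 0) != 0 || vl != 2) return -4;
    if (off != b.len) return -5;
    /* 18 + 6 + 0xFFFFFFFA would wrap to 12 in uint32_t and "fit" in 32 bytes */
    if (tlv_append(&b, 0x0003, pcr, 0xFFFFFFFAu) != -1) return -6;
    storage[15] = 0xFF;             /* corrupt entry 2's length (bytes 12..15) */
    size_t off2 = 10;
    if (tlv_read(storage, b.len, &off2, &tag, &v, &vl, 0) != -1) return -7;
    return 0;
}
```

The reader takes the expected size from the caller rather than from the data, which is the essence of the v0.7.1 fix: a size indicator in untrusted input is a claim to verify, not a value to allocate or copy from.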
Release of v0.7.0
📋 Changes
- swtpm:
- Support for linear file storage backend (file://)
- Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what
- Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
- Wipe keys from stack and heap
- Many other small changes
- Make --daemon not racy
- swtpm_setup:
- + 21 more
Release of v0.6.1
📋 Changes
- swtpm:
- Clear keys from stack and heap
- swtpm-localca:
- Add missing else branch for pkcs11 and PIN
- swtpm_setup:
- Initialize Gerror and free it
- Replace '\\s' in regex with [[:space:]] to fix cygwin
- tests:
- + 4 more
Release of v0.6.0
📋 Changes
- swtpm:
- Fix --print-capabilities for 'swtpm chardev'
- Various cleanups and fixes (coverity)
- Addressed potential symlink attack issue (CVE-2020-28407)
- swtpm_setup:
- Rewritten in 'C'; needs json-glib
- Addressed potential symlink attack issue (CVE-2020-28407)
- swtpm_ioctl:
- + 9 more
Release of v0.5.2
📋 Changes
- swtpm:
- Fix potential buffer overflow related to largely unused data hashing
- Unconditionally close fd if writing of pidfile fails (coverity)
- swtpm_setup:
- Increase timeout from 10s to 30s for slower machines
- Travis:
- Not building on OS X anymore due to additional costs
Release of v0.5.1
📋 Changes
- swtpm & swtpm_setup:
- Addressed potential symlink attack issue (CVE-2020-28407)
- build-sys:
- Fix configure python cryptography error message
Release of v0.4.2
📋 Changes
- swtpm & swtpm_setup:
- Addressed potential symlink attack issue (CVE-2020-28407)
Release of v0.5.0
📋 Changes
- swtpm:
- Write files atomically using a temp file and then renaming
- swtpm_setup:
- Removed remaining 'c' wrapper program
- Do not truncate logfile when testing write-access (regression)
- Remove TPM state file in case error occurred
- swtpm-localca:
- Rewrite in python
- + 7 more
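Three of the state-file changes listed on this page fit together: writing files atomically through a temporary file and rename() (v0.5.0), refusing to follow symlinks on the state path (the CVE-2020-28407 entries in v0.4.2 / v0.5.1 / v0.6.0), and creating the file with a restrictive default mode and applying a user-supplied mode only afterwards with fchmod() (v0.9.0). The block below is an added example for this page, not swtpm's own state-file code; the function names, the 0600 default and the temporary-file naming are assumptions. mkstemp() creates the temporary with O_CREAT|O_EXCL, which fails on a pre-planted symlink instead of following it, and rename() replaces the destination's directory entry, so a symlink sitting at the final path is swapped out rather than written through. The reader opens with O_NOFOLLOW and insists on a regular file. The demo plants a symlink at the target first and checks that nothing reaches the symlink's destination.

```c
/* Added example (not swtpm code): atomic, symlink-safe state file write and
 * a matching reader. Requires Linux/glibc (mkstemp, mkdtemp, O_NOFOLLOW). */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/stat.h>

/* Write len bytes of data to path atomically. mode < 0 keeps mkstemp's
 * 0600 (further restricted by the umask); otherwise the caller's mode is
 * applied with fchmod() after creation, as in the v0.9.0 change.
 * Returns 0 on success, -1 on error with errno set and no partial file left. */
int state_write_atomic(const char *path, const void *data, size_t len, int mode)
{
    char tmp[4096], dir[4096];
    const char *slash = strrchr(path, '/');
    size_t dirlen = slash ? (size_t)(slash - path + 1) : 0;   /* includes '/' */
    const char *base = slash ? slash + 1 : path;
    if (snprintf(tmp, sizeof tmp, "%.*s.%s.XXXXXX", (int)dirlen, path, base)
            >= (int)sizeof tmp) { errno = ENAMETOOLONG; return -1; }
    snprintf(dir, sizeof dir, "%.*s", dirlen ? (int)dirlen : 1, dirlen ? path : ".");

    const char *p = data;
    int fd = mkstemp(tmp);                  /* O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0) return -1;
    if (mode >= 0 && fchmod(fd, (mode_t)mode) != 0) goto fail;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) { if (errno == EINTR) continue; goto fail; }
        p += n; len -= (size_t)n;
    }
    if (fsync(fd) != 0) goto fail;          /* data durable before the rename */
    if (close(fd) != 0) { fd = -1; goto fail; }
    fd = -1;
    if (rename(tmp, path) != 0) goto fail;  /* atomic replace of the dir entry */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd >= 0) { fsync(dfd); close(dfd); }   /* make the new entry durable */
    return 0;
fail:
    { int e = errno; if (fd >= 0) close(fd); unlink(tmp); errno = e; }
    return -1;
}

/* Read the whole file into a malloc'ed buffer. Refuses symlinks and
 * non-regular files. Returns 0 on success, -1 on error. */
int state_read(const char *path, void **out, size_t *out_len)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    size_t len = (size_t)st.st_size, got = 0;
    unsigned char *buf = malloc(len ? len : 1);
    if (!buf) { close(fd); return -1; }
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) { if (errno == EINTR) continue; free(buf); close(fd); return -1; }
        if (n == 0) break;
        got += (size_t)n;
    }
    close(fd);
    *out = buf; *out_len = got;
    return 0;
}

/* Demo in a fresh temp directory: plant a symlink at the target, write the
 * state, then verify the link was replaced by a 0600 regular file, that the
 * link's destination was never created, and that the content reads back.
 * Returns 0 on success, a negative step number on the first failure. */
int state_demo(void)
{
    char dir[] = "/tmp/state-demo-XXXXXX";
    if (!mkdtemp(dir)) return -1;
    char path[64], decoy[64];
    snprintf(path, sizeof path, "%s/tpm-state.bin", dir);
    snprintf(decoy, sizeof decoy, "%s/decoy", dir);
    if (symlink(decoy, path) != 0) return -2;       /* attacker-planted link */
    const char blob[] = "constructed TPM state bytes";   /* constructed input */
    if (state_write_atomic(path, blob, sizeof blob, -1) != 0) return -3;
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -4;  /* link gone */
    if ((st.st_mode & 0777) != 0600) return -5;
    if (access(decoy, F_OK) == 0) return -6;         /* nothing went through the link */
    void *rd; size_t rl;
    if (state_read(path, &rd, &rl) != 0) return -7;
    int same = (rl == sizeof blob) && memcmp(rd, blob, rl) == 0;
    free(rd);
    unlink(path); rmdir(dir);
    return same ? 0 : -8;
}
```

The order matters: fsync the data, then rename, then fsync the directory. Skipping the first fsync can leave a zero-length or partial state file after a crash even though the rename itself is atomic, which for a TPM emulator means lost NV state rather than a security bug, but the same routine carries both properties.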
Release of v0.4.1
📋 Changes
- swtpm_setup:
- Do not hardcode '/etc' but use SYSCONFDIR
- Fix support for -h and -? options
- Add missing .config path when using ${HOME}
- swtpm-localca:
- Apply password for signing key when creating platform cert
- Properly apply passwords for localca signing key
Release of v0.4.0
📋 Changes
- swtpm:
- Invoke print capabilities after choosing TPM version
- Add some recent syscalls to seccomp blacklist
- swtpm_cert:
- Support --ecc-curveid option to pass curve id
- swtpm_setup & related scripts:
- Rewrite swtpm_setup.sh in python with TPM 1.2 not requiring tcsd
- python3: pip, cryptography, setuptools
- + 15 more
